CN109862563A - A kind of physical layer authentication method and system suitable for mobile wireless network environment - Google Patents

Info

Publication number
CN109862563A
Authority
CN
China
Prior art keywords
terminal
sequence
data packet
communication terminal
certification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910058251.8A
Other languages
Chinese (zh)
Other versions
CN109862563B (en)
Inventor
王秋华
刘昊
康明洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University
Priority to CN201910058251.8A priority Critical patent/CN109862563B/en
Publication of CN109862563A publication Critical patent/CN109862563A/en
Application granted granted Critical
Publication of CN109862563B publication Critical patent/CN109862563B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a physical layer authentication method and system suitable for mobile wireless network environments. Suppose the authenticating end has already authenticated the k-th data packet as coming from the legitimate authenticated end and has recorded its channel characteristics, and the authenticated end has likewise received the acknowledgment packet from the legitimate authenticating end and recorded its channel characteristics H_BA(k). The authenticated end computes an authentication response sequence Y_BA(k) and sends Y_BA(k) together with the (k+1)-th data packet to the authenticating end. The authenticating end uses Y_BA(k) and H_AB(k) to judge whether the current data packet still comes from the authenticated end, and thereby whether the authenticated end is a legitimate terminal. The system comprises a channel characteristic extraction module, a data processing module and a determination module. The invention supports both one-way and two-way authentication. It performs real-time, dynamic, packet-by-packet authentication at the physical layer based on wireless channel characteristics, eliminating identity-based spoofing attacks. The invention is a non-cryptographic authentication scheme with low complexity, small communication overhead, small delay and low power consumption.

Description

A physical layer authentication method and system suitable for mobile wireless network environments
Technical field
The invention belongs to the technical field of wireless network security and relates to a physical layer authentication method and system suitable for mobile wireless network environments.
Background
As wireless communication technology is widely used in fields such as the military, finance and medicine, its security and reliability are receiving increasing attention. Because the wireless channel is open, wireless networks are easily subjected to identity-based spoofing attacks, in which an unauthorized user pretends to be a legitimate user in order to gain access to the network system. In a wireless network environment an attacker can easily launch an identity-based attack, and such an attack is regarded as the first step towards many other kinds of attack, such as session hijacking, denial of service (DoS) and man-in-the-middle attacks. For example, in 802.11 networks an attacker can change a device's MAC address with the ifconfig command in order to impersonate another legitimate device. Authentication is the effective way to deal with identity-based attacks of this kind: it lets the intended receiver verify the identity of the sender and ensure that the received data comes from the expected user.
At present, authentication in wireless networks is implemented at the upper layers using key-based cryptography. Although traditional cryptographic techniques can prevent identity-based attacks to some extent, they are either inefficient or restricted in certain application scenarios. First, secure key distribution and management in large-scale or dynamic wireless networks is a huge challenge and is even infeasible in highly dynamic network environments. Second, once the pre-distributed keys are leaked, the overall security of the authentication mechanism is destroyed. Third, traditional cryptography-based authentication is implemented through the upper-layer protocol stack, with large communication overhead, high computational complexity and large delay. Moreover, traditional upper-layer authentication cannot address attacks from the physical layer. Traditional cryptography-based authentication is therefore not suitable for resource-constrained wireless networks, and a new lightweight security authentication mechanism suitable for resource-constrained wireless networks is needed.
To address these weaknesses of conventional authentication, a new approach has emerged in recent years that uses physical layer attributes of the wireless channel to solve the wireless network authentication problem. Physical layer authentication based on channel characteristics uses physical channel characteristics, such as channel state information (CSI) or received signal strength (RSS), as a channel fingerprint to distinguish legitimate senders from illegitimate ones. The basic idea is that the wireless channel characteristics between a legitimate sender and receiver are reciprocal and spatially unique: an attacker located at a different position from the legitimate user experiences independent fading and therefore cannot measure the same channel characteristics as the legitimate user. Based on this spatial decorrelation principle, the receiver can distinguish the legitimate sender from a spoofing attacker. Specifically, in a physical layer authentication scheme the receiver authenticates the identity of senders at different locations by continuously comparing the current CSI or RSS with the previous legitimate CSI or RSS. Physical layer authentication usually combines channel measurement with hypothesis testing to decide whether a new message comes from the previously authenticated legitimate party. Compared with traditional cryptography-based authentication, wireless channel characteristics are difficult to imitate, and physical layer authentication has low computational complexity, small communication overhead, small delay and low power consumption, which makes it well suited to real-time authentication of resource-constrained wireless network terminals. Physical layer authentication can therefore provide fast and effective message authentication and is regarded as a supplementary enhancement to existing upper-layer authentication. For example, when the authentication key used by the upper-layer authentication mechanism is leaked, physical layer authentication can be used as a supplementary authentication method to verify the identity of the sender.
However, the physical layer authentication schemes proposed so far are suitable only for static network environments and not for high-speed mobile communication environments. Physical layer authentication depends heavily on channel correlation: when the channel correlation is too low (because terminal movement decorrelates the channel, or because the time between channel measurements exceeds the channel coherence time), physical layer authentication cannot be carried out. Existing schemes authenticate by checking whether the channel characteristics of two successive data packets from the sender are consistent, which rests on the following assumption: within the channel coherence time, the CSI or RSS of successive frames is highly correlated. For example, in 2.4 GHz carrier communication, when the sender and receiver have a low relative velocity, for example a walking speed of 1 m/s, the maximum Doppler frequency shift is [...] and the channel coherence time can therefore be calculated as [...]. In this case, existing physical layer authentication is effective. However, the channel coherence time shortens as the movement speed increases. For example, in a high-speed mobile environment with a travel speed of 10 m/s, the channel coherence time is 2.24 ms. In this case the frame interval may be greater than the channel coherence time, so existing physical layer authentication cannot work well in high-speed mobile network environments.
In a high-speed mobile network environment, the movement of the communication terminal increases the Doppler frequency shift, which makes the multipath channel time-varying and shortens the channel coherence time. A physical layer authentication scheme can therefore succeed only if the time interval required between successive physical layer authentications is less than the channel coherence time. How to guarantee the availability of physical layer authentication in mobile network environments has thus become a key problem in physical layer authentication.
Summary of the invention
One object of the invention is to address the defect that the above physical layer authentication schemes are not suitable for high-speed mobile wireless network environments by providing a physical layer authentication method suitable for mobile wireless network environments. The method authenticates consecutive data packets exchanged between two wireless terminals. It has low computational complexity, small communication overhead, small delay and low power consumption, and is well suited to real-time identity authentication of resource-constrained wireless network terminals. The invention supports one-way authentication and two-way authentication.
To achieve the above object, the method of the invention is as follows:
Assume that terminal B has already verified the k-th data packet DATA_k from legitimate terminal A and recorded its channel characteristics H_AB(k) = {H_{AB,1}(k), H_{AB,2}(k), ..., H_{AB,n}(k)}, and that terminal A has received from legitimate terminal B the acknowledgment packet ACK_k for the k-th data packet and recorded its channel characteristics H_BA(k) = {H_{BA,1}(k), H_{BA,2}(k), ..., H_{BA,n}(k)}. After receiving the (k+1)-th data packet, terminal B records its channel characteristics and uses physical layer authentication to determine whether the current (k+1)-th data packet still comes from terminal A or comes from a potential attacker. Communication terminals A and B may be any wireless terminal device, wireless access point (AP) or base station. They act as sender and receiver to each other and may be mobile or static.
In one-way authentication, let communication terminal A be the authenticated end (the party being authenticated) and communication terminal B the authenticating end (the party performing the authentication).
Step (1.1): The authenticated end A randomly selects a parameter ρ_A(k) ∈ (0,1) and a random sequence H_BA(k)', and, from the recorded H_BA(k), computes a new sequence as the authentication response sequence Y_BA(k), where H_BA(k)' is a random sequence uncorrelated with H_BA(k), cov(H_BA(k), H_BA(k)') = 0. The correlation coefficient of sequence H_BA(k) and sequence H_BA(k)' is ρ_A(k):
ρ_{H_BA Y_BA} = ρ(H_BA(k), Y_BA(k)) = ρ_A(k);
Step (1.2): The authenticated end A sends to the authenticating end B the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_BA(k) and the parameter ρ_A(k), i.e. DATA_{k+1} || Y_BA(k) || ρ_A(k);
Step (1.3): From the received data packet DATA_{k+1}, the authenticating end B extracts and records the channel characteristic sequence H_AB(k+1) = {H_{AB,1}(k+1), H_{AB,2}(k+1), ..., H_{AB,n}(k+1)}, where n is the number of values in the sequence;
Step (1.4): The authenticating end B computes the correlation coefficient of sequences H_AB(k) and Y_BA(k), denoted ρ_A(k)':
ρ_{H_AB Y_BA} = ρ(H_AB(k), Y_BA(k)) = ρ_A(k)';
According to channel correlation theory, ρ_A(k) and ρ_A(k)' should be highly similar;
Step (1.5): The authenticating end B authenticates the legitimacy of the authenticated end A according to the similarity of ρ_A(k) and ρ_A(k)':
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds: the sender is considered to be the legitimate authenticated end A, and B sends the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1} to the authenticated end A;
b. If the similarity is less than the set threshold ε, authentication fails: the sender is considered to be an illegitimate terminal, and the authenticating end B discards the data packet and requires the authenticated end A to retransmit the (k+1)-th data packet DATA_{k+1};
Step (1.6): From the received acknowledgment packet ACK_{k+1}, the authenticated end A extracts and records the channel characteristic sequence H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (1.7): Repeat steps (1.1) to (1.6) to authenticate the next data packet.
After terminal B has authenticated terminal A, if terminal A is also to authenticate terminal B, the two sides perform two-way authentication. After step (1.5), they proceed as follows:
Step (2.1): Terminal B randomly selects a parameter ρ_B(k+1) ∈ (0,1) and a random sequence H_AB(k+1)', and, from the recorded H_AB(k+1), computes a new sequence as the authentication response sequence Y_BA(k+1):
H_AB(k+1)' is a random sequence uncorrelated with H_AB(k+1), cov(H_AB(k+1), H_AB(k+1)') = 0; the correlation coefficient of sequence H_BA(k+1) and sequence H_BA(k+1)' is ρ_B(k+1), i.e. ρ_{H_AB Y_AB} = ρ(H_AB(k+1), Y_AB(k+1)) = ρ_B(k+1);
Step (2.2): Terminal B sends to terminal A the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_AB(k+1) and the parameter ρ_B(k+1), i.e. ACK_{k+1} || Y_AB(k+1) || ρ_B(k+1);
Step (2.3): From the received acknowledgment packet ACK_{k+1}, terminal A extracts and records the channel characteristic sequence:
H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (2.4): Terminal A computes the correlation coefficient of sequences H_BA(k+1) and Y_AB(k+1), denoted ρ_B(k+1)':
ρ_{H_BA Y_AB} = ρ(H_BA(k+1), Y_AB(k+1)) = ρ_B(k+1)';
According to channel correlation theory, ρ_B(k+1) and ρ_B(k+1)' should be highly similar;
Step (2.5): Terminal A authenticates the legitimacy of terminal B according to the similarity of ρ_B(k+1) and ρ_B(k+1)':
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds: the sender is considered to be legitimate terminal B, and the procedure jumps to step (1.1) to start the authentication of the next data packet DATA_{k+2};
b. If the similarity is less than the set threshold ε, authentication fails: the sender is considered to be an illegitimate terminal, and terminal A discards the acknowledgment packet and retransmits the (k+1)-th data packet DATA_{k+1} to terminal B;
Step (2.6): After data packet DATA_{k+2} has been authenticated, repeat steps (2.1) to (2.6) to authenticate the acknowledgment packet ACK_{k+2} of data packet DATA_{k+2}.
Another object of the invention is to provide a physical layer authentication system suitable for mobile wireless network environments, used to authenticate consecutive data packets between two wireless communication terminals and comprising a channel characteristic extraction module, a data processing module and a determination module. The two wireless communication terminals act as sender and receiver to each other and can perform one-way and two-way identity authentication.
Channel characteristic extraction module: controls the receiving end to obtain the channel characteristic sequence H_AB from the data packet sent by the sender.
Data processing module: performs the terminal device's processing of the data used for authentication, including generating the authentication response sequence and computing the sequence correlation coefficient. When the authenticating end B authenticates the authenticated end A, the data processing functions of the module include:
At the authenticated end A: randomly select a parameter ρ_A(k) ∈ (0,1) and a random sequence H_BA(k)', and compute an authentication response sequence from the recorded H_BA(k).
At the authenticating end B: compute the correlation coefficient of sequence H_AB(k) and sequence Y_BA(k), ρ_{H_AB Y_BA} = ρ(H_AB(k), Y_BA(k)) = ρ_A(k)'.
Determination module: used by the authenticating terminal to compare the computed correlation coefficient ρ_A(k)' with the correlation coefficient ρ_A(k) received from the authenticated terminal. If the similarity is greater than or equal to the set threshold ε, authentication succeeds and the sender is considered to be a legitimate terminal; if the similarity is less than the set threshold ε, authentication fails and the sender is considered to be an illegitimate terminal.
The authentication method and system provided by the invention overcome the defect that existing physical layer authentication is not suitable for high-speed mobile wireless network environments. Existing schemes authenticate using the correlation between the channel characteristics of two consecutive data packets. The method of the invention instead authenticates using the correlation between the channel characteristics of a data packet and its acknowledgment packet, so the time difference between the two measurements is much smaller than the channel coherence time. For example, in an 802.11 wireless network with a data rate of 12 Mbps and a data packet size of 512 bytes, the time difference between the two measurements with this method is about 0.5 ms, much smaller than the channel coherence time of 2.24 ms in a high-speed mobile environment with a travel speed of 10 m/s. The proposed physical layer authentication method therefore also works well in high-speed mobile wireless network environments.
In addition, in the proposed method the authentication response sequence that the authenticated end A sends to the authenticating end B is a random sequence rather than the true channel characteristics, so no information about the channel characteristics between the two legitimate parties is revealed to an attacker. The proposed method is therefore more secure and does not lead to a loss of confidentiality.
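The check in steps (1.1) to (1.5) and the timing comparison above can be simulated as follows; this is an added example, not code from the patent. The formula for Y_BA(k) is missing from this copy, so the response uses the standard construction Y = ρ·H + sqrt(1 − ρ²)·H' as an assumption; the Jakes (Bessel J0) fading model, the similarity measure 1 − |ρ − ρ'|, ε = 0.9, n = 512, the fixed ρ = 0.8 and the 5 ms gap are likewise constructed for the illustration.

```python
import math
import random

C = 3.0e8  # speed of light, m/s


def pearson(x, y):
    """Sample correlation coefficient rho(x, y)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / math.sqrt(sxx * syy)


def make_response(h, rho, rng):
    """Step (1.1): build Y with rho(h, Y) == rho without sending h itself.

    Assumed construction: Y = rho*h + sqrt(1 - rho^2)*h', where h' is a random
    sequence forced to zero sample covariance with h and to the same energy.
    """
    n = len(h)
    mh = sum(h) / n
    hc = [v - mh for v in h]
    r = [rng.gauss(0.0, 1.0) for _ in range(n)]
    mr = sum(r) / n
    rc = [v - mr for v in r]
    hh = sum(v * v for v in hc)
    proj = sum(a * b for a, b in zip(hc, rc)) / hh
    rc = [b - proj * a for a, b in zip(hc, rc)]      # cov(h, h') = 0
    scale = math.sqrt(hh / sum(v * v for v in rc))   # same energy as h
    k = math.sqrt(1.0 - rho * rho)
    return [rho * a + k * scale * b for a, b in zip(hc, rc)]


def verify(h_own, y, rho_claimed, eps=0.9):
    """Steps (1.4)-(1.5): recompute rho' from the verifier's own measurement."""
    rho_meas = pearson(h_own, y)
    similarity = 1.0 - abs(rho_claimed - rho_meas)   # assumed similarity measure
    return similarity >= eps, rho_meas


def bessel_j0(x, terms=30):
    """Power series for J0(x); accurate for the small arguments used here."""
    total, term = 0.0, 1.0
    for m in range(terms):
        total += term
        term *= -((x / 2.0) ** 2) / ((m + 1) ** 2)
    return total


def channel_correlation(speed_mps, gap_s, carrier_hz=2.4e9):
    """Assumed Jakes model: correlation of two measurements gap_s apart."""
    f_d = speed_mps * carrier_hz / C                 # maximum Doppler shift, Hz
    return bessel_j0(2.0 * math.pi * f_d * gap_s)


def later_measurement(h, corr, rng, noise_std=0.05):
    """The peer's measurement of the reciprocal channel after the gap."""
    s = math.sqrt(max(0.0, 1.0 - corr * corr))
    return [corr * v + s * rng.gauss(0.0, 1.0) + rng.gauss(0.0, noise_std)
            for v in h]


def run(speed_mps, gap_s, impostor=False, rho=0.8, n=512, seed=7):
    """One authentication round; returns (accepted, rho_measured).

    The patent draws rho at random in (0,1) per packet; it is fixed here so
    the output is repeatable. All channel samples are constructed.
    """
    rng = random.Random(seed)
    h_ab = [rng.gauss(0.0, 1.0) for _ in range(n)]        # B, from DATA_k
    corr = channel_correlation(speed_mps, gap_s)
    if impostor:
        h_claimant = [rng.gauss(0.0, 1.0) for _ in range(n)]  # E: independent fading
    else:
        h_claimant = later_measurement(h_ab, corr, rng)       # A, from ACK_k
    y = make_response(h_claimant, rho, rng)
    return verify(h_ab, y, rho)


if __name__ == "__main__":
    cases = [("A, 10 m/s, 0.5 ms DATA/ACK gap", (10.0, 0.0005, False)),
             ("E, 10 m/s, 0.5 ms gap", (10.0, 0.0005, True)),
             ("A, 10 m/s, 5 ms gap (constructed)", (10.0, 0.005, False))]
    for label, args in cases:
        ok, rho_meas = run(*args)
        print(f"{label}: accepted={ok} rho'={rho_meas:+.3f}")
```

The third case is the legitimate terminal measured across a gap longer than the 2.24 ms coherence time quoted above: the same check then rejects it, which is the failure the data/ACK pairing is designed to avoid.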
The beneficial effects of the invention include:
(1) The invention authenticates using the channel characteristics of consecutive data packets in the two directions. The time difference between these packets is much smaller than the channel coherence time, which overcomes the defect that current physical layer authentication schemes are not suitable for high-speed mobile wireless network environments; one-way and two-way authentication can be performed in both mobile and static wireless network environments.
(2) The invention makes full use of the reciprocity and spatial uniqueness of the channel between the communicating parties to perform real-time, dynamic, packet-by-packet authentication at the physical layer based on wireless channel characteristics, eliminating identity-based spoofing attacks.
(3) The invention does not send the true channel characteristics and does not reveal information about the channel characteristics between the legitimate communication terminals. The proposed method is therefore more secure and does not lead to a loss of confidentiality.
(4) The invention is a non-cryptographic authentication scheme that involves no complex cryptographic algorithm. It has low computational complexity and small delay, providing fast, lightweight authentication.
Description of the drawings
Fig. 1 is a structural diagram of the network system environment to which the invention applies;
Fig. 2 is a specific embodiment of the invention;
Fig. 3 is the authentication flow chart for terminal B authenticating terminal A in the specific embodiment of the invention;
Fig. 4 is the authentication flow chart for terminal A authenticating terminal B in the specific embodiment of the invention;
Fig. 5 is a schematic diagram of the data packet transfer process of the invention;
Fig. 6 is a structural diagram of the authentication system of the invention.
Specific embodiment
The invention is further described below with reference to the drawings, but the scope of protection of the invention is not limited to what is described below.
As shown in Fig. 1, the invention is applicable to all wireless communication environments in which terminals communicate over a wireless channel. In the invention, terminal A, terminal B and terminal E may be any wireless terminal device, wireless access point (AP) or base station. Terminals A and B are the legitimate terminals that want to communicate securely, and each may be static or mobile. Terminal E is an illegitimate terminal that attempts to impersonate legitimate terminal A or terminal B. To prevent illegitimate terminal E from impersonating legitimate terminal A when communicating with terminal B, terminal B can authenticate the identity of terminal A using the physical layer authentication method suitable for mobile wireless network environments described in the invention. Similarly, to prevent illegitimate terminal E from impersonating legitimate terminal B when communicating with terminal A, terminal A can authenticate the identity of terminal B using the same method.
Fig. 2 shows a specific embodiment of the invention. This embodiment is evidently only one of the embodiments of the application rather than all of them; every other embodiment obtained by those skilled in the art on the basis of the embodiments of the invention falls within the scope of protection of the application.
As shown in Fig. 2, the mobile communication system contains the legitimate mobile terminal A, terminal B (a base station in Fig. 2) and an illegitimate terminal E. Terminal A is the authenticated end and terminal B is the authenticating end. Illegitimate terminal E attempts to impersonate terminal A and sends forged data packets to terminal B. Therefore, to prevent illegitimate terminal E from impersonating legitimate terminal A (a pseudo-user attack), terminal B authenticates the data packets sent by terminal A packet by packet. Terminal B uses the physical layer authentication method and system suitable for mobile wireless network environments proposed by the invention to authenticate the sender's data packets packet by packet and thereby authenticate the sender's identity.
Assume that terminal B has already verified the k-th data packet DATA_k from legitimate terminal A and recorded its channel characteristics H_AB(k) = {H_{AB,1}(k), H_{AB,2}(k), ..., H_{AB,n}(k)}, and that terminal A has received from legitimate terminal B the acknowledgment packet ACK_k for the k-th data packet and recorded its channel characteristics H_BA(k) = {H_{BA,1}(k), H_{BA,2}(k), ..., H_{BA,n}(k)}.
As shown in Fig. 3, the detailed process by which terminal B authenticates terminal A comprises the following steps:
Step (1.1): Terminal A randomly selects a parameter ρ_A(k) ∈ (0,1) and a random sequence H_BA(k)', and, from the recorded H_BA(k), computes a new sequence as the authentication response sequence Y_BA(k), where H_BA(k)' is a random sequence uncorrelated with H_BA(k), cov(H_BA(k), H_BA(k)') = 0. The correlation coefficient of sequence H_BA(k) and sequence H_BA(k)' is ρ_A(k), i.e. ρ_{H_BA Y_BA} = ρ(H_BA(k), Y_BA(k)) = ρ_A(k);
Step (1.2): Terminal A sends to terminal B the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_BA(k) and the parameter ρ_A(k), i.e. DATA_{k+1} || Y_BA(k) || ρ_A(k);
Step (1.3): From the received data packet DATA_{k+1}, terminal B extracts and records the channel characteristic sequence H_AB(k+1) = {H_{AB,1}(k+1), H_{AB,2}(k+1), ..., H_{AB,n}(k+1)}, where n is the number of values in the sequence;
Step (1.4): Terminal B computes the correlation coefficient of sequences H_AB(k) and Y_BA(k), denoted ρ_A(k)':
ρ_{H_AB Y_BA} = ρ(H_AB(k), Y_BA(k)) = ρ_A(k)'. According to channel correlation theory, ρ_A(k) and ρ_A(k)' should be highly similar;
Step (1.5): Terminal B authenticates the legitimacy of terminal A according to the similarity of ρ_A(k) and ρ_A(k)', as follows:
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds: the sender is considered to be legitimate terminal A, and terminal B sends the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1} to terminal A;
b. If the similarity is less than the set threshold ε, authentication fails: the sender is considered to be an illegitimate terminal, and terminal B discards the data packet and requires terminal A to retransmit the (k+1)-th data packet DATA_{k+1};
Step (1.6): From the received acknowledgment packet ACK_{k+1}, terminal A extracts and records the channel characteristic sequence H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (1.7): Repeat steps (1.1) to (1.6) to authenticate the next data packet.
Illegitimate terminal E may also attempt to impersonate terminal B when communicating with terminal A (a pseudo-base-station attack). Therefore, to prevent illegitimate terminal E from impersonating legitimate terminal B, terminal A also authenticates the identity of terminal B. Terminal A uses the physical layer authentication method and system suitable for mobile wireless network environments proposed by the invention to authenticate the identity of the sender.
As shown in Fig. 4, the detailed process by which terminal A authenticates terminal B comprises the following steps:
Assume that terminal A has also verified the acknowledgment packet ACK_k for the k-th data packet from legitimate terminal B and recorded its channel characteristics H_BA(k) = {H_{BA,1}(k), H_{BA,2}(k), ..., H_{BA,n}(k)}. Following the steps above, terminal B has verified the (k+1)-th data packet DATA_{k+1} from legitimate terminal A and recorded its channel characteristics:
H_AB(k+1) = {H_{AB,1}(k+1), H_{AB,2}(k+1), ..., H_{AB,n}(k+1)}, and is to send terminal A the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1}.
Step (2.1): Terminal B randomly selects a parameter ρ_B(k+1) ∈ (0,1) and a random sequence H_AB(k+1)', and, from the recorded H_AB(k+1), computes a new sequence as the authentication response sequence Y_BA(k+1), where H_AB(k+1)' is a random sequence uncorrelated with H_AB(k+1), cov(H_AB(k+1), H_AB(k+1)') = 0. The correlation coefficient of sequence H_BA(k+1) and sequence H_BA(k+1)' is ρ_B(k+1), i.e. ρ_{H_AB Y_AB} = ρ(H_AB(k+1), Y_AB(k+1)) = ρ_B(k+1);
Step (2.2): Terminal B sends to terminal A the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_AB(k+1) and the parameter ρ_B(k+1), i.e. ACK_{k+1} || Y_AB(k+1) || ρ_B(k+1);
Step (2.3): From the received acknowledgment packet ACK_{k+1}, terminal A extracts and records the channel characteristic sequence H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (2.4): Communication terminal A computes the correlation coefficient of sequences H_BA(k+1) and Y_AB(k+1), denoted ρ_B(k+1)':
ρ_{H_BA Y_AB} = ρ(H_BA(k+1), Y_AB(k+1)) = ρ_B(k+1)';
According to channel correlation theory, ρ_B(k+1) and ρ_B(k+1)' should be highly similar;
Step (2.5): Terminal A authenticates the legitimacy of terminal B according to the similarity of ρ_B(k+1) and ρ_B(k+1)', as follows:
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds: the sender is considered to be legitimate terminal B, and the procedure jumps to step (1.1) to start the authentication of the next data packet DATA_{k+2};
b. If the similarity is less than the set threshold ε, authentication fails: the sender is considered to be an illegitimate terminal, and terminal A discards the acknowledgment packet and retransmits the (k+1)-th data packet DATA_{k+1} to terminal B;
Step (2.6): After data packet DATA_{k+2} has been authenticated, repeat steps (2.1) to (2.6) to authenticate the acknowledgment packet ACK_{k+2} of data packet DATA_{k+2}.
Data packet transmittance process schematic diagram when terminal A and terminal B progress two-way authentication is as shown in Figure 5.Verification process is simultaneously The number of communications of communicating pair is not increased.
Fig. 6 is a kind of physical layer Verification System structural representation suitable for mobile wireless network environment provided by the present invention Figure, specifically includes channel characteristics extraction module, data processing module and determination module.
Channel characteristics extraction module: channel characteristics sequence is obtained according to the data packet that transmitting terminal is sent for controlling and receiving end Column;
Data processing module: for completing processing of the terminal device to the data for being authenticated, including generation certification Response sequence and sequence of calculation related coefficient;For example, in this example, during terminal B authenticates terminal A, being certified Terminal A, data processing module include: random selection parameter ρ to the processing function of dataA(k) ∈ (0,1) and a random sequence HBA(k) ', and according to the H of recordBA(k), a new sequence is calculated as authentication response sequence YBA(k),In certification terminal B, processing function of the data processing module to data are as follows: meter Calculate sequence HAB(k) and sequence YBA(k) correlation coefficient ρHABYBA=ρ (HAB(k),YBA(k))=ρA(k)'。
Determination module: for authenticating terminal by the related coefficient being calculated and from the related coefficient for being certified terminal and receiving It is compared, if similarity is greater than or equal to the threshold epsilon of setting, authenticates success, it is believed that sender is legal terminal;If Similarity is less than the threshold epsilon of setting, then authentification failure, it is believed that sender is illegal terminal.
Emphasis of the invention solves existing physical layer certificate scheme and is not suitable for high-speed mobile wireless network environment Defect can be realized the unilateral authentication in mobile wireless network environment and static wireless network environment and two-way authentication.
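The module pipeline described above (response generation at the authenticated end, correlation check and threshold decision at the authenticating end), as an added Python sketch that is not code from the patent. The formula for Y_BA(k) does not appear in this text, so the orthogonal-mix construction, the similarity measure 1 - |ρ - ρ'|, the threshold 0.9, the noise level and all function names are assumptions; the channel data is constructed.

```python
import math
import random

EPSILON = 0.9  # ASSUMPTION: threshold value; the page only names a set threshold epsilon

def _unit(v):
    """Centre a sequence and scale it to unit Euclidean norm."""
    m = sum(v) / len(v)
    c = [a - m for a in v]
    norm = math.sqrt(sum(a * a for a in c))
    return [a / norm for a in c]

def pearson(x, y):
    """Sample Pearson correlation coefficient of two equal-length sequences."""
    return sum(a * b for a, b in zip(_unit(x), _unit(y)))

def make_response(h_ba, rng):
    """Authenticated end A, step (1.1): return (Y_BA(k), rho_A(k))."""
    # Page: rho in (0,1). ASSUMPTION: the demo samples 0.5..0.95 so that an
    # unrelated sequence (correlation near 0) is clearly separated.
    rho = rng.uniform(0.5, 0.95)
    h = _unit(h_ba)
    r = _unit([rng.gauss(0, 1) for _ in h_ba])
    proj = sum(a * b for a, b in zip(r, h))
    h_prime = _unit([a - proj * b for a, b in zip(r, h)])  # cov(H_BA, H_BA') = 0
    # ASSUMED construction (the page's own formula is not reproduced here):
    y = [rho * a + math.sqrt(1 - rho * rho) * b for a, b in zip(h, h_prime)]
    return y, rho

def verify(h_ab, y, rho_claimed, eps=EPSILON):
    """Authenticating end B, steps (1.4)-(1.5): return (accepted, rho')."""
    rho_measured = pearson(h_ab, y)
    similarity = 1 - abs(rho_claimed - rho_measured)  # ASSUMED similarity measure
    return similarity >= eps, rho_measured

def simulate(seed=7, n=256, noise=0.05):
    """One round on constructed data: (legitimate accepted, other sender accepted)."""
    rng = random.Random(seed)
    channel = [rng.gauss(0, 1) for _ in range(n)]       # reciprocal channel at packet k
    h_ab = [c + rng.gauss(0, noise) for c in channel]   # B's estimate from DATA_k
    h_ba = [c + rng.gauss(0, noise) for c in channel]   # A's estimate from ACK_k
    y, rho = make_response(h_ba, rng)
    legit_ok, _ = verify(h_ab, y, rho)
    h_other = [rng.gauss(0, 1) for _ in range(n)]       # sender at a different location
    y_e, rho_e = make_response(h_other, rng)
    other_ok, _ = verify(h_ab, y_e, rho_e)
    return legit_ok, other_ok

if __name__ == "__main__":
    print(simulate())
```

The legitimate response passes because A's recorded H_BA(k) and B's recorded H_AB(k) are two noisy estimates of the same channel, so B measures nearly the ρ that A embedded; a sender whose sequence is unrelated to H_AB(k) yields a measured coefficient near 0.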

Claims (7)

1. A physical layer authentication method suitable for mobile wireless network environments, wherein it is assumed that:
Communication terminal B has authenticated the received k-th data packet DATA_k as coming from the legitimate communication terminal A, and has recorded its channel features H_AB(k) = {H_{AB,1}(k), H_{AB,2}(k), ..., H_{AB,n}(k)};
Communication terminal A has likewise received the acknowledgment packet ACK_k of the k-th data packet from the legitimate communication terminal B, and has recorded its channel features H_BA(k) = {H_{BA,1}(k), H_{BA,2}(k), ..., H_{BA,n}(k)};
After receiving the (k+1)-th data packet, communication terminal B records its channel features and uses physical layer authentication to determine whether the current (k+1)-th data packet still comes from communication terminal A or comes from a potential attacker;
characterized in that the authentication method is as follows:
Let communication terminal A be the authenticated end and communication terminal B be the authenticating end;
Step (1.1): the authenticated end A randomly selects a parameter ρ_A(k) ∈ (0,1) and a random sequence H_BA(k)', and from the recorded H_BA(k) computes a new sequence as the authentication response sequence Y_BA(k); H_BA(k)' is a random sequence uncorrelated with H_BA(k), cov(H_BA(k), H_BA(k)') = 0; the correlation coefficient of sequence H_BA(k) and sequence H_BA(k)' is ρ_A(k):
Step (1.2): the authenticated end A sends to the authenticating end B the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_BA(k) and the parameter ρ_A(k), i.e. DATA_{k+1}||Y_BA(k)||ρ_A(k);
Step (1.3): from the received data packet DATA_{k+1}, the authenticating end B extracts and records the channel feature sequence H_AB(k+1) = {H_{AB,1}(k+1), H_{AB,2}(k+1), ..., H_{AB,n}(k+1)}; n denotes the number of values in the sequence;
Step (1.4): the authenticating end B computes the correlation coefficient ρ_A(k)' of sequences H_AB(k) and Y_BA(k):
Step (1.5): the authenticating end B authenticates the legitimacy of the authenticated end A according to the similarity of ρ_A(k) and ρ_A(k)':
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds, the sender is considered to be the legitimate authenticated end A, and the acknowledgment packet ACK_{k+1} for the (k+1)-th data packet DATA_{k+1} is sent to the authenticated end A;
b. If the similarity is less than the set threshold ε, authentication fails, the sender is considered an illegitimate terminal, and the authenticating end B discards the data packet and requires the authenticated end A to retransmit the (k+1)-th data packet DATA_{k+1};
Step (1.6): from the received acknowledgment packet ACK_{k+1}, the authenticated end A extracts and records the channel feature sequence H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (1.7): steps (1.1) to (1.6) are repeated to authenticate the next data packet.
2. The physical layer authentication method suitable for mobile wireless network environments according to claim 1, characterized in that: after communication terminal B has authenticated communication terminal A, if communication terminal A is also to authenticate communication terminal B, the two parties perform mutual authentication, and after step (1.5) they proceed as follows:
Step (2.1): communication terminal B randomly selects a parameter ρ_B(k+1) ∈ (0,1) and a random sequence H_AB(k+1)', and from the recorded H_AB(k+1) computes a new sequence as the authentication response sequence YBA(k+1):
H_AB(k+1)' is a random sequence uncorrelated with H_AB(k+1), cov(H_AB(k+1), H_AB(k+1)') = 0; the correlation coefficient of sequence H_BA(k+1) and sequence H_BA(k+1)' is ρ_B(k+1), i.e.,
Step (2.2): communication terminal B sends to communication terminal A the acknowledgment packet ACK_{k+1} of the (k+1)-th data packet DATA_{k+1}, the authentication response sequence Y_AB(k+1) and the parameter ρ_B(k+1), i.e. ACK_{k+1}||Y_AB(k+1)||ρ_B(k+1);
Step (2.3): from the received acknowledgment packet ACK_{k+1}, communication terminal A extracts and records the channel feature sequence:
H_BA(k+1) = {H_{BA,1}(k+1), H_{BA,2}(k+1), ..., H_{BA,n}(k+1)};
Step (2.4): communication terminal A computes the correlation coefficient ρ_B(k+1)' of sequences H_BA(k+1) and Y_AB(k+1):
ρ_{H_BA Y_AB} = ρ(H_BA(k+1), Y_AB(k+1)) = ρ_B(k+1)';
Step (2.5): communication terminal A authenticates the legitimacy of communication terminal B according to the similarity of ρ_B(k+1) and ρ_B(k+1)':
a. If the similarity is greater than or equal to the set threshold ε, authentication succeeds, the sender is considered to be the legitimate communication terminal B, and the procedure jumps to step (1.1) to begin the authentication of the next data packet DATA_{k+2};
b. If the similarity is less than the set threshold ε, authentication fails, the sender is considered an illegitimate terminal, and communication terminal A discards the acknowledgment packet and retransmits the (k+1)-th data packet DATA_{k+1} to communication terminal B;
Step (2.6): after data packet DATA_{k+2} has been authenticated, steps (2.1) to (2.6) are repeated to authenticate the acknowledgment packet ACK_{k+2} of data packet DATA_{k+2}.
3. The physical layer authentication method suitable for mobile wireless network environments according to claim 1 or 2, characterized in that: communication terminal A and communication terminal B are any wireless terminal device, wireless access point (AP) or base station.
4. The physical layer authentication method suitable for mobile wireless network environments according to claim 1 or 2, characterized in that: communication terminal A and communication terminal B act as transmitting end and receiving end for each other, and may be mobile or stationary.
5. A physical layer authentication system suitable for mobile wireless network environments, used for authenticating consecutive data packets between two wireless communication terminals, characterized in that it comprises a channel feature extraction module, a data processing module and a decision module;
The channel feature extraction module controls the receiving end so that it obtains the channel feature sequence H_AB from the data packet sent by the transmitting end;
The data processing module performs the terminal device's processing of the data used for authentication, including generating the authentication response sequence and computing the sequence correlation coefficient;
The decision module is used by the authenticating terminal to compare the computed correlation coefficient ρ_A(k)' with the correlation coefficient ρ_A(k) received from the authenticated terminal. If the similarity is greater than or equal to the set threshold ε, authentication succeeds and the sender is considered a legitimate terminal; if the similarity is less than the set threshold ε, authentication fails and the sender is considered an illegitimate terminal.
6. The physical layer authentication system suitable for mobile wireless network environments according to claim 5, characterized in that:
While the authenticating end authenticates the authenticated end, the data processing module's processing of the data comprises:
At the authenticated end A: randomly selecting a parameter ρ_A(k) ∈ (0,1) and a random sequence H_BA(k)', and computing an authentication response sequence from the recorded H_BA(k)
At the authenticating end B: computing the correlation coefficient of sequence H_AB(k) and sequence Y_BA(k)
7. The physical layer authentication system suitable for mobile wireless network environments according to claim 5, characterized in that: the two wireless communication terminals act as transmitting end and receiving end for each other, and can perform both one-way and mutual identity authentication.
CN201910058251.8A 2019-01-22 2019-01-22 Physical layer authentication method and system suitable for mobile wireless network environment Active CN109862563B (en)


Publications (2)

Publication Number Publication Date
CN109862563A true CN109862563A (en) 2019-06-07
CN109862563B CN109862563B (en) 2021-08-10

Family

ID=66895567


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant